isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
12,419 Commits 1 Branch 0 Tags
45fdfa18f1d46a1d6171a8f94f0fa9396b51de20
Commit Graph

3619 Commits

Author SHA1 Message Date
Todd C. Miller
452d63d6c1 sudoers_policy_list: do not set runas_pw to list_pw when listing 
This change introduced in sudo 1.9.13 is not actually needed.  The
"list" pseudo-command checks are performed via runas_matches_pw()
which does not use runas_pw.  GitHub issue #248
 2023-03-03 11:16:44 -07:00
Todd C. Miller
d9e9307d98 Fix "sudo -l command args", broken in sudo 1.9.13. 
The value of user_args should not contain the command to be run in
"sudo -l command args", only the arguments of the command being checked.
This restores the pre-1.9.13 behavior.  GitHub issue #249
 2023-03-03 11:12:18 -07:00
Todd C. Miller
b013711e48 Check for sudo_pow2_roundup() overflow. 
Calling sudo_pow2_roundup(INT_MAX+2) will return since there is no
power of 2 larger than INT_MAX+1 that fits in an unsigned int.
This is not an issue in practice since we restrict messages to 2Mib.
 2023-03-01 13:58:32 -07:00
Todd C. Miller
43378de75e Test non-fully qualified path name. 2023-02-28 09:11:26 -07:00
Todd C. Miller
7356a77969 Fix removal of y.tab.[ch] when generating gram.[ch]. 2023-02-28 09:06:48 -07:00
Todd C. Miller
172515c94d Add test for using "list" as user, runas and host. 2023-02-28 08:56:44 -07:00
Todd C. Miller
0197491e9c Move handling of the "list" pseudo-command from lexer to parser. 
The special handling of "list" in the lexer meant it could not
be used as a user, group or host, which was unintentional.
GitHub issue #246.
 2023-02-28 08:47:45 -07:00
Todd C. Miller
a4f31cff2b Plug memory leak with multiple matching CHROOT= entries. 
Found by oss-fuzz.
 2023-02-27 08:57:17 -07:00
Todd C. Miller
87ce692468 Fix potential double free for rules that include a CHROOT= option. 
If a rule with a CHROOT= option matches the user, host and runas,
the user_cmnd variable could be freed twice.
 2023-02-21 20:01:13 -07:00
Todd C. Miller
6c52056d36 Include error string when formatting a SLOG_PARSE_ERROR message if present. 2023-02-23 11:37:04 -07:00
Todd C. Miller
fb6740fa2e Add sudoers open errors to the list of parse errors sent via mail. 
Previously there would be one email for the open failure and a
separate one describing the parse error.  Now a single email message
contains everything.
 2023-02-22 18:49:09 -07:00
Todd C. Miller
1641c30ed6 visudo: quiet a compiler warning on Solaris 10. 
Also explicitly close /dev/tty fd instead of relying on closefrom()
in case the fd ends up being a value 0-2.
 2023-02-22 10:55:27 -07:00
Todd C. Miller
ba7b126451 Check tcsetpgrp() return value. 2023-02-21 16:34:12 -07:00
Todd C. Miller
0339337103 Run the editor in its own process group. 
This fixes suspending the editor on GNU Hurd which doesn't seem to
have proper process group signal handling.
 2023-02-21 16:14:14 -07:00
Todd C. Miller
1bcddb9602 Stub out pivot_root() and unpivot_root() for all but the sudoers module. 2023-02-21 14:46:27 -07:00
Todd C. Miller
8b9c1b962f Fix build when SUDOERS_NAME_MATCH is defined. 2023-02-21 13:47:27 -07:00
Todd C. Miller
b52631e877 Match using canonicalized directories where possible. 2023-02-21 13:24:33 -07:00
Todd C. Miller
0ef5373678 Add canon_path(), a realpath() wrapper that performs caching. 
This also adds a new user_cmnd_dir variable that stores the
canonicalized parent directory of the command to be run.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
78ff514358 match_command: apply runchroot if set when matching the command 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
bff4e3ce16 set_cmnd_path: apply runchroot if set when finding the command path 
Previously we would prepend runchroot to the path we were checking
but that does not properly handle symbolic links.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
13a311bc71 Add pivot_root() and unpivot_root() to switch the root dir and restore it. 
This will be used to more accurately handling command resolution and
path matching when a new root directory is specified.
 2023-02-21 13:24:33 -07:00
Todd C. Miller
a72bc5e6bf get_starttime: add support for GNU Hurd using the mach task_info call. 
This is currently Hurd-specific but could be made Mach-generic as
long as the equivalent of pid2task() is available.
 2023-02-19 07:18:37 -07:00
Todd C. Miller
0b000aab86 Only test get_starttime() on platforms where we support it. 
Fixes a test failure on systems where we have no way to determine
a process's start time.
 2023-02-18 11:46:33 -07:00
Todd C. Miller
2845ceafb0 Handle "locale -a" returning both C.UTF-8 and C.utf8. 
It is possible to have mutiple matches from the output of "locale
-a".  Just take the first one.  Fixes GitHub issue #241.
 2023-02-15 13:49:04 -07:00
Todd C. Miller
4f50692acc Add some missing files to the clean and distclean targets. 2023-02-15 10:22:42 -07:00
Todd C. Miller
a80dcc6aca Add compiled version of the sudoers Georgian translation. 2023-02-14 09:52:06 -07:00
Todd C. Miller
f1b07aed47 Regenerate .mo files. 2023-02-14 09:44:59 -07:00
Todd C. Miller
bdef2ad6d2 No longer need to define sudoers_recovery here. 2023-02-09 16:39:25 -07:00
Todd C. Miller
26385b45cf Recover from missing include file unless error_recovery is disabled. 
It is still treated as an error from a logging perspective, and
mail is still sent.
 2023-02-09 15:33:58 -07:00
Todd C. Miller
8960f50961 Updated translations from translationproject.org 2023-02-03 10:26:24 -07:00
Todd C. Miller
b333d16878 Add eventlog_mail() to send a log message via mail. 
This is used by mail_parse_errors() to send multi-line messages.
Previously, the newlines would be escaped as control characters.
 2023-02-09 11:09:24 -07:00
Todd C. Miller
1758c49d3e Get rid of sudoersdir and just use sysconfdir. 
There is no need for sudoersdir when it is always just set to sysconfdir.
 2023-02-02 19:29:26 -07:00
Todd C. Miller
3c9c8668c1 Avoid compilation errors if getaddrinfo() or freeaddrinfo() are macros. 
If this is the case we probably can't stub out the functions but
at least the fuzzer will compile.
 2023-01-31 13:33:59 -07:00
Todd C. Miller
0b2e662b2e Protect use of AF_INET6 with HAVE_STRUCT_IN6_ADDR guards. 
From Tim Rice.
 2023-01-31 12:22:47 -07:00
Todd C. Miller
179ad08c86 Updated translations from translationproject.org 2023-01-27 14:46:52 -07:00
Todd C. Miller
ab9b20be9e New Georgian translation from translationproject.org 2023-01-26 13:29:31 -07:00
Todd C. Miller
de021b60db Update .pot files for 1.9.13 2023-01-24 13:11:47 -07:00
Todd C. Miller
2d9c0d9034 Add eventlog_store_sudo() and use it in sudoreplay. 
This replaces the custom log formatting used by "sudoreplay -l".
 2023-01-22 15:27:53 -07:00
Todd C. Miller
9ddae66818 Add support for the struct kinfo_proc on Dragonfly BSD. 2023-01-19 13:22:32 -07:00
Todd C. Miller
1e0bb704c2 Restore the line that set errno to ENOENT when find_path() fails. 
This was inadvertently removed when the "goto bad" was added.
 2023-01-19 10:08:38 -07:00
Todd C. Miller
e3583e01b8 The sample plugin is now built by default to avoid bit rot. 
GitHub issue #234.
 2023-01-19 07:38:51 -07:00
Todd C. Miller
4f9da47e55 The change from sudo_printf -> sudo_plugin_printf was incomplete. 
Fixes GitHub issue #234.
 2023-01-19 07:38:29 -07:00
Todd C. Miller
7ff70c09fe Update expected plugin version. 2023-01-18 13:53:33 -07:00
Todd C. Miller
0865e61d9e Pass back the number of files to edit when using sudoedit. 
The sudo front-end can use this to determine where the list of files
to edit begins.
 2023-01-18 13:38:15 -07:00
Todd C. Miller
334daf92b3 Escape control characters in log messages and "sudoreplay -l" output. 
The log message contains user-controlled strings that could include
things like terminal control characters.  Space characters in the
command path are now also escaped.

Command line arguments that contain spaces are surrounded with
single quotes and any literal single quote or backslash characters
are escaped with a backslash.  This makes it possible to distinguish
multiple command line arguments from a single argument that contains
spaces.

Issue found by Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com).
 2023-01-18 08:21:34 -07:00
Todd C. Miller
0274a4f3b4 sudoedit: do not permit editor arguments to include "--" (CVE-2023-22809) 
We use "--" to separate the editor and arguments from the files to edit.
If the editor arguments include "--", sudo can be tricked into allowing
the user to edit a file not permitted by the security policy.
Thanks to Matthieu Barjole and Victor Cutillas of Synacktiv
(https://synacktiv.com) for finding this bug.
 2023-01-12 15:55:27 -07:00
Todd C. Miller
3878ce8d49 env_file_next_local: change the order of the val_len check. 
It makes more sense to verify that val_len > 1 before using it.
This is not a problem in practice because val[val_len - 1] is
guaranteed not to underflow but it can confuse reviewers and static
analyzers.
 2023-01-09 14:26:07 -07:00
Todd C. Miller
d781ab0a89 Fix typo in check for environment variables that start with '='. 2023-01-09 14:23:50 -07:00
Todd C. Miller
1f58e5a8e0 Fix IS_IDLOG macro, it was testing the wrong byte for the NUL. 
This causes the macro to evaluate to false even for valid TSIDs.
 2023-01-09 13:03:55 -07:00
Todd C. Miller
8309fbb970 sudoers_trace_print: this is a no-op if not debugging 2023-01-04 10:44:58 -07:00